Linux kernel
cpe:2.3:a:linux:linux_kernel:*:*:*:*:*:*:*
A use-after-free vulnerability has been identified in the Linux kernel's UVC video driver, in versions prior to the fix. The issue arises when the driver is unbound from a USB interface while still using GPIO units. Because the interrupt request (IRQ) is not disabled during unbind, the system can still access memory that has already been freed, which causes a kernel oops. The vulnerability only affects devices with active GPIO units and requires the driver to be manually unbound; a simple disconnection does not trigger the error.
Exploitation of this vulnerability leads to a kernel crash: the system attempts to access memory that has already been released, causing a kernel oops. Use-after-free errors of this type can potentially be exploited to execute arbitrary code in kernel context, which is highly privileged and can compromise the entire system.
Users can upgrade to the latest version of the Linux kernel where this vulnerability has been addressed. Instructions for upgrading the kernel can be found in the documentation for the specific Linux distribution in use.
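The teardown ordering described above, modelled in userspace C as an added example (not kernel or uvcvideo code; every name here is hypothetical). A flag on a static slot stands in for freed memory, so the late interrupt is detected without actually dereferencing it.

```c
/* Userspace model of the unbind ordering; all names are hypothetical. */
#include <stdbool.h>
#include <stdio.h>

struct gpio_unit { bool live; int events; };  /* stands in for GPIO unit state */
struct irq_line  { bool enabled; struct gpio_unit *ctx; };  /* one registered IRQ */

static struct gpio_unit pool[1];  /* static slot: the model never touches freed heap */
static struct irq_line line;

/* Bind: set up the unit and arm its interrupt. */
void model_probe(void) {
    pool[0].live = true;
    pool[0].events = 0;
    line.ctx = &pool[0];
    line.enabled = true;
}

/* Buggy unbind: the unit is released while the interrupt stays armed. */
void model_unbind_buggy(void) {
    pool[0].live = false;         /* models freeing the unit */
}

/* Fixed unbind: disable the interrupt first, then release the unit. */
void model_unbind_fixed(void) {
    line.enabled = false;         /* models disabling the IRQ */
    line.ctx = NULL;
    pool[0].live = false;
}

/* Deliver one interrupt: 1 = handled, 0 = line disabled,
 * -1 = handler would have dereferenced released memory (the use-after-free). */
int model_fire_irq(void) {
    if (!line.enabled) return 0;
    if (!line.ctx->live) return -1;
    line.ctx->events++;
    return 1;
}

int main(void) {
    model_probe(); model_unbind_buggy();
    printf("buggy unbind, late IRQ -> %d\n", model_fire_irq());
    model_probe(); model_unbind_fixed();
    printf("fixed unbind, late IRQ -> %d\n", model_fire_irq());
    return 0;
}
```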